Login form for website using web service in asp.net

Question

I am trying to log in to a web service from a website. I have an access database with table USERS (id, user, pass, int admin(1 if it is, 0 if it isn't). In the web service I have this webmethod:

[WebMethod]
public DataSet login(string u, string p)
{
    OleDbConnection CNN = null;
    OleDbCommand CMD = null;

    string sql = "select * from users where username ='" + u + "' and pass='" + p + "' ";

    CNN = new OleDbConnection(conn);
    CMD = new OleDbCommand(sql, CNN);
    CMD.Connection.Open();

    OleDbDataAdapter adapter = new OleDbDataAdapter(CMD);
    DataSet ds = new DataSet();
    adapter.Fill(ds, "logged");

    CNN.Close();
    return ds;
}

And, in the web site I have this code:

protected void Button1_Click(object sender, EventArgs e)
{
    db.Service Login = new db.Service();

    Login.login(lUser.Text, lPass.Text);
}

So my question is how can I see if the logged user is admin or no ?

I was thinking somehow to read it from the DataSet ds - since it is filled with all the information that I need, but how to do that ?

Thanks, dnisko

Answer 1

First of all please avoid passing user typed values to the database directly using sql strings. You are open to SQL Injection attacks and it is error prone as well

//Parametrize your following query.
string sql = "select * from users where username ='" + u + "' and pass='" + p + "' "; 

Here is an example on how to parametrize OleDbCommand.

Answer to your question:

Your login() method returns a DataSet object, so you need to assign the return vale of login() method to a DataSet .

db.Service Login = new db.Service();

DataSet ds = Login.login(lUser.Text, lPass.Text);

bool isAdmin = false;

//Check if there is a record for the username and password
if(ds.Tables[0].Rows.Count == 1)
{
    //now check if user is an admin or not
    isAdmin = Convert.ToBoolean(ds.Tables[0].Rows[0]["admin"]);

    if(isAdmin)
    {
        //User is an admin
    }

}else{

   //User does not exist in the database
}